<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    
    <title>knife ssh &mdash; chef-client Man Pages</title>
    
    <link rel="stylesheet" href="_static/guide.css" type="text/css" />
    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
    
    <script type="text/javascript">
      var DOCUMENTATION_OPTIONS = {
        URL_ROOT:    './',
        VERSION:     '',
        COLLAPSE_INDEX: false,
        FILE_SUFFIX: '.html',
        HAS_SOURCE:  true
      };
    </script>
    <script type="text/javascript" src="_static/jquery.js"></script>
    <script type="text/javascript" src="_static/underscore.js"></script>
    <script type="text/javascript" src="_static/doctools.js"></script>


  </head>
  <body>
<div style="background-color: #212c35; text-align: left; padding: 0px 0px 0px 0px">
<a href="http://docs.getchef.com/"><img src="_static/chef_html_logo.png" border="0" alt="Chef"/></a>
</div>


  

    <div class="document">
      <div class="documentwrapper">

          <div class="body">
            
  <div class="section" id="knife-ssh">
<h1>knife ssh<a class="headerlink" href="#knife-ssh" title="Permalink to this headline">¶</a></h1>
<p>The <strong>knife ssh</strong> subcommand is used to invoke SSH commands (in parallel) on a subset of nodes within an organization, based on the results of a <a class="reference external" href="http://docs.opscode.com/essentials_search.html">search query</a> made to the Chef server.</p>
<div class="section" id="syntax">
<h2>Syntax<a class="headerlink" href="#syntax" title="Permalink to this headline">¶</a></h2>
<p>This subcommand has the following syntax:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife ssh SEARCH_QUERY SSH_COMMAND <span class="o">(</span>options<span class="o">)</span>
</pre></div>
</div>
</div>
<div class="section" id="options">
<h2>Options<a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h2>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">Review the list of <a class="reference internal" href="knife_common_options.html"><em>common options</em></a> available to this (and all) knife subcommands and plugins.</p>
</div>
<p>This subcommand has the following options:</p>
<dl class="docutils">
<dt><tt class="docutils literal"><span class="pre">-a</span> <span class="pre">SSH_ATTR</span></tt>, <tt class="docutils literal"><span class="pre">--attribute</span> <span class="pre">SSH_ATTR</span></tt></dt>
<dd>The attribute that is used when opening the SSH connection. The default attribute is the FQDN of the host. Other possible values include a public IP address, a private IP address, or a hostname.</dd>
<dt><tt class="docutils literal"><span class="pre">-A</span></tt>, <tt class="docutils literal"><span class="pre">--forward-agent</span></tt></dt>
<dd>Use to enable SSH agent forwarding.</dd>
<dt><tt class="docutils literal"><span class="pre">-C</span> <span class="pre">NUM</span></tt>, <tt class="docutils literal"><span class="pre">--concurrency</span> <span class="pre">NUM</span></tt></dt>
<dd>The number of allowed concurrent connections.</dd>
<dt><tt class="docutils literal"><span class="pre">-G</span> <span class="pre">GATEWAY</span></tt>, <tt class="docutils literal"><span class="pre">--ssh-gateway</span> <span class="pre">GATEWAY</span></tt></dt>
<dd>The SSH tunnel or gateway that is used to run a bootstrap action on a machine that is not accessible from the workstation.</dd>
<dt><tt class="docutils literal"><span class="pre">-i</span> <span class="pre">IDENTITY_FILE</span></tt>, <tt class="docutils literal"><span class="pre">--identity-file</span> <span class="pre">IDENTIFY_FILE</span></tt></dt>
<dd>The SSH identity file used for authentication. Key-based authentication is recommended.</dd>
<dt><tt class="docutils literal"><span class="pre">-m</span></tt>, <tt class="docutils literal"><span class="pre">--manual-list</span></tt></dt>
<dd>Use to define a search query as a space-separated list of servers. If there is more than one item in the list, put quotes around the entire list. For example: <tt class="docutils literal"><span class="pre">--manual-list</span> <span class="pre">&quot;server01</span> <span class="pre">server</span> <span class="pre">02</span> <span class="pre">server</span> <span class="pre">03&quot;</span></tt></dd>
<dt><tt class="docutils literal"><span class="pre">--[no-]host-key-verify</span></tt></dt>
<dd>Use <tt class="docutils literal"><span class="pre">--no-host-key-verify</span></tt> to disable host key verification. Default setting: <tt class="docutils literal"><span class="pre">--host-key-verify</span></tt>.</dd>
<dt><tt class="docutils literal"><span class="pre">OTHER</span></tt></dt>
<dd>The shell type. Possible values: <tt class="docutils literal"><span class="pre">interactive</span></tt>, <tt class="docutils literal"><span class="pre">screen</span></tt>, <tt class="docutils literal"><span class="pre">tmux</span></tt>, <tt class="docutils literal"><span class="pre">macterm</span></tt>, or <tt class="docutils literal"><span class="pre">cssh</span></tt>. (<tt class="docutils literal"><span class="pre">csshx</span></tt> is deprecated in favor of <tt class="docutils literal"><span class="pre">cssh</span></tt>.)</dd>
<dt><tt class="docutils literal"><span class="pre">-p</span> <span class="pre">PORT</span></tt>, <tt class="docutils literal"><span class="pre">--ssh-port</span> <span class="pre">PORT</span></tt></dt>
<dd>The SSH port.</dd>
<dt><tt class="docutils literal"><span class="pre">-P</span> <span class="pre">PASSWORD</span></tt>, <tt class="docutils literal"><span class="pre">--ssh-password</span> <span class="pre">PASSWORD</span></tt></dt>
<dd>The SSH password. This can be used to pass the password directly on the command line. If this option is not specified (and a password is required) knife will prompt for the password.</dd>
<dt><tt class="docutils literal"><span class="pre">SEARCH_QUERY</span></tt></dt>
<dd>The search query used to return a list of servers to be accessed using SSH and the specified <tt class="docutils literal"><span class="pre">SSH_COMMAND</span></tt>. This option uses the same syntax as the search sub-command.</dd>
<dt><tt class="docutils literal"><span class="pre">SSH_COMMAND</span></tt></dt>
<dd>The command that will be run against the results of a search query.</dd>
<dt><tt class="docutils literal"><span class="pre">-x</span> <span class="pre">USER_NAME</span></tt>, <tt class="docutils literal"><span class="pre">--ssh-user</span> <span class="pre">USER_NAME</span></tt></dt>
<dd>The SSH user name.</dd>
</dl>
</div>
<div class="section" id="examples">
<h2>Examples<a class="headerlink" href="#examples" title="Permalink to this headline">¶</a></h2>
<p>The following examples show how to use this knife subcommand:</p>
<p><strong>Find server uptime</strong></p>
<p>To find the uptime of all of web servers running Ubuntu on the Amazon EC2 platform, enter:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife ssh <span class="s2">&quot;role:web&quot;</span> <span class="s2">&quot;uptime&quot;</span> -x ubuntu -a ec2.public_hostname
</pre></div>
</div>
<p>to return something like:</p>
<div class="highlight-bash"><div class="highlight"><pre>ec2-174-129-127-206.compute-1.amazonaws.com  13:50:47 up 1 day, 23:26,  1 user,  load average: 0.25, 0.18, 0.11
ec2-67-202-63-102.compute-1.amazonaws.com    13:50:47 up 1 day, 23:33,  1 user,  load average: 0.12, 0.13, 0.10
ec2-184-73-9-250.compute-1.amazonaws.com     13:50:48 up 16:45,  1 user,  load average: 0.30, 0.22, 0.13
ec2-75-101-240-230.compute-1.amazonaws.com   13:50:48 up 1 day, 22:59,  1 user,  load average: 0.24, 0.17, 0.11
ec2-184-73-60-141.compute-1.amazonaws.com    13:50:48 up 1 day, 23:30,  1 user,  load average: 0.32, 0.17, 0.15
</pre></div>
</div>
<p><strong>Run the chef-client on all nodes</strong></p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife ssh <span class="s1">&#39;name:*&#39;</span> <span class="s1">&#39;sudo chef-client&#39;</span>
</pre></div>
</div>
<p><strong>Force a chef-client run</strong></p>
<p>To force a chef-client run on all of the web servers running Ubuntu on the Amazon EC2 platform, enter:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife ssh <span class="s2">&quot;role:web&quot;</span> <span class="s2">&quot;sudo chef-client&quot;</span> -x ubuntu -a ec2.public_hostname
</pre></div>
</div>
<p>to return something like:</p>
<div class="highlight-bash"><div class="highlight"><pre>ec2-67-202-63-102.compute-1.amazonaws.com   <span class="o">[</span>Fri, 22 Oct 2010 14:18:37 +0000<span class="o">]</span> INFO: Starting Chef Run <span class="o">(</span>Version 0.9.10<span class="o">)</span>
ec2-174-129-127-206.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:37 +0000<span class="o">]</span> INFO: Starting Chef Run <span class="o">(</span>Version 0.9.10<span class="o">)</span>
ec2-184-73-9-250.compute-1.amazonaws.com    <span class="o">[</span>Fri, 22 Oct 2010 14:18:38 +0000<span class="o">]</span> INFO: Starting Chef Run <span class="o">(</span>Version 0.9.10<span class="o">)</span>
ec2-75-101-240-230.compute-1.amazonaws.com  <span class="o">[</span>Fri, 22 Oct 2010 14:18:38 +0000<span class="o">]</span> INFO: Starting Chef Run <span class="o">(</span>Version 0.9.10<span class="o">)</span>
ec2-184-73-60-141.compute-1.amazonaws.com   <span class="o">[</span>Fri, 22 Oct 2010 14:18:38 +0000<span class="o">]</span> INFO: Starting Chef Run <span class="o">(</span>Version 0.9.10<span class="o">)</span>
ec2-174-129-127-206.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:39 +0000<span class="o">]</span> INFO: Chef Run <span class="nb">complete </span>in 1.419243 seconds
ec2-174-129-127-206.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:39 +0000<span class="o">]</span> INFO: cleaning the checksum cache
ec2-174-129-127-206.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:39 +0000<span class="o">]</span> INFO: Running report handlers
ec2-174-129-127-206.compute-1.amazonaws.com <span class="o">[</span>Fri, 22 Oct 2010 14:18:39 +0000<span class="o">]</span> INFO: Report handlers <span class="nb">complete</span>
ec2-67-202-63-102.compute-1.amazonaws.com   <span class="o">[</span>Fri, 22 Oct 2010 14:18:39 +0000<span class="o">]</span> INFO: Chef Run <span class="nb">complete </span>in 1.578265 seconds
ec2-67-202-63-102.compute-1.amazonaws.com   <span class="o">[</span>Fri, 22 Oct 2010 14:18:39 +0000<span class="o">]</span> INFO: cleaning the checksum cache
ec2-67-202-63-102.compute-1.amazonaws.com   <span class="o">[</span>Fri, 22 Oct 2010 14:18:39 +0000<span class="o">]</span> INFO: Running report handlers
ec2-67-202-63-102.compute-1.amazonaws.com   <span class="o">[</span>Fri, 22 Oct 2010 14:18:39 +0000<span class="o">]</span> INFO: Report handlers <span class="nb">complete</span>
ec2-184-73-9-250.compute-1.amazonaws.com    <span class="o">[</span>Fri, 22 Oct 2010 14:18:40 +0000<span class="o">]</span> INFO: Chef Run <span class="nb">complete </span>in 1.638884 seconds
ec2-184-73-9-250.compute-1.amazonaws.com    <span class="o">[</span>Fri, 22 Oct 2010 14:18:40 +0000<span class="o">]</span> INFO: cleaning the checksum cache
ec2-184-73-9-250.compute-1.amazonaws.com    <span class="o">[</span>Fri, 22 Oct 2010 14:18:40 +0000<span class="o">]</span> INFO: Running report handlers
ec2-184-73-9-250.compute-1.amazonaws.com    <span class="o">[</span>Fri, 22 Oct 2010 14:18:40 +0000<span class="o">]</span> INFO: Report handlers <span class="nb">complete</span>
ec2-75-101-240-230.compute-1.amazonaws.com  <span class="o">[</span>Fri, 22 Oct 2010 14:18:40 +0000<span class="o">]</span> INFO: Chef Run <span class="nb">complete </span>in 1.540257 seconds
ec2-75-101-240-230.compute-1.amazonaws.com  <span class="o">[</span>Fri, 22 Oct 2010 14:18:40 +0000<span class="o">]</span> INFO: cleaning the checksum cache
ec2-75-101-240-230.compute-1.amazonaws.com  <span class="o">[</span>Fri, 22 Oct 2010 14:18:40 +0000<span class="o">]</span> INFO: Running report handlers
ec2-75-101-240-230.compute-1.amazonaws.com  <span class="o">[</span>Fri, 22 Oct 2010 14:18:40 +0000<span class="o">]</span> INFO: Report handlers <span class="nb">complete</span>
ec2-184-73-60-141.compute-1.amazonaws.com   <span class="o">[</span>Fri, 22 Oct 2010 14:18:40 +0000<span class="o">]</span> INFO: Chef Run <span class="nb">complete </span>in 1.502489 seconds
ec2-184-73-60-141.compute-1.amazonaws.com   <span class="o">[</span>Fri, 22 Oct 2010 14:18:40 +0000<span class="o">]</span> INFO: cleaning the checksum cache
ec2-184-73-60-141.compute-1.amazonaws.com   <span class="o">[</span>Fri, 22 Oct 2010 14:18:40 +0000<span class="o">]</span> INFO: Running report handlers
ec2-184-73-60-141.compute-1.amazonaws.com   <span class="o">[</span>Fri, 22 Oct 2010 14:18:40 +0000<span class="o">]</span> INFO: Report handlers <span class="nb">complete</span>
</pre></div>
</div>
<p><strong>Run a command based on search query</strong></p>
<p>To query for all nodes that have the <tt class="docutils literal"><span class="pre">webserver</span></tt> role and then use SSH to run the command <tt class="docutils literal"><span class="pre">sudo</span> <span class="pre">chef-client</span></tt>, enter:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife ssh <span class="s2">&quot;role:webserver&quot;</span> <span class="s2">&quot;sudo chef-client&quot;</span>
</pre></div>
</div>
<p><strong>Upgrade all nodes</strong></p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife ssh name:* <span class="s2">&quot;sudo aptitude upgrade -y&quot;</span>
</pre></div>
</div>
<p><strong>Specify the shell type</strong></p>
<p>To specify the shell type used on the nodes returned by a search query:</p>
<div class="highlight-bash"><div class="highlight"><pre><span class="nv">$ </span>knife ssh roles:opscode-omnitruck macterm
</pre></div>
</div>
<p>where <tt class="docutils literal"><span class="pre">screen</span></tt> is one of the following values: <tt class="docutils literal"><span class="pre">cssh</span></tt>, <tt class="docutils literal"><span class="pre">interactive</span></tt>, <tt class="docutils literal"><span class="pre">macterm</span></tt>, <tt class="docutils literal"><span class="pre">screen</span></tt>, or <tt class="docutils literal"><span class="pre">tmux</span></tt>. If the node does not have the shell type installed, knife will return an error similar to the following:</p>
<div class="highlight-bash"><div class="highlight"><pre>you need the rb-appscript gem to use knife ssh macterm.
<span class="sb">`</span><span class="o">(</span>sudo<span class="o">)</span> gem    install rb-appscript<span class="sb">`</span> to install
ERROR: LoadError: cannot load such file -- appscript
</pre></div>
</div>
</div>
</div>


          </div>

      </div>

  
      <div class="clearer"></div>
    </div>




  </body>
</html>